CSV#

Note

New in version 3.3.0.

In EclecticIQ Intelligence Center 3.3.0 and newer, you can use the Advanced Entities CSV or Advanced Observables CSV content type with one of the generic transport types to send intelligence out in a custom CSV format. E.g.: Outgoing feed - HTTP Download feed, Outgoing feed - SFTP upload, Outgoing feed - Amazon S3 push, etc.

For more information, see Configure content types.

# Release History

# EclecticIQ Advanced CSV Extension

## 2.14.1, 3.0.1

Release date: 25 July 2023

**Added:**

- This release adds parsing of confidence, likely impact and tag entries to entities
- Maliciousness level are added to observables


## Release versions: 2.11.2, 2.10.2

Release date: 24 January 2022

**Added:**

- Users can now map CSV data to the following fields in entities:
`entity.meta.estimated_threat_start_time`, `entity.meta.estimated_threat_end_time`,
`entity.meta.estimated_threat_observed_time`.

## Release versions: 2.9.2, 2.10.1

Release date: July, 2021

### Introduction
Extension is used to ingest CSV files and transform them into EIQ TIP entities.
Each row in the CSV file ends up as a single entity in the platform.

CSV columns are mapped to specific `entity fields`. Following entity fields can be used for mapping: 

- `entity.name` - entity title or `untitled`
- `entity.type` - entity type, or `indicator` if not set
- `entity.description` - entity description 
- `entity.references` - entity references
- `entity.tags` - entity tags
- `entity.meta.estimated_threat_start_time` - entity estimated threat start time
- `entity.meta.estimated_threat_end_time` - entity estimated threat end time
- `entity.meta.estimated_observed_time` - entity estimated observed time
- `entity.observable.<observable_type>` - entity observables value per observable type 
  (no other attributes related to observables can be mapped)


**Added:**

* New option to ignore comment-like lines in CSV files.


**Features:**

* Initial release.
* Now provides the Advanced CSV incoming feed.